Understanding Protocol Analysis

Protocol analysts know how to employ esoteric hardware and/or software tools to examine traffic in motion across a network. Furthermore, they know how to decode and understand the implications of what they see in that data stream, where network pathologies, outside or inside attacks, poorly designed applications, and strange network layouts, among many other causes, can make life interesting. Author and columnist Ed Tittel explains why such esoterica may not only be of interest, but also of great value to your career as he explores certifications available in this essential technical field.

Before I can wax too eloquent on the various certifications that relate to protocol analysis, it’s probably a good idea to explain and explore the subject matter for such credentials. To that end, let me offer the following definition: “Protocol analysis consists of employing proper software and/or hardware tools to capture, decode, interpret, and react to the contents of data packets as they transit a network’s media.”

A fundamental tool for protocol analysis is something called a protocol analyzer. As the preceding definition implies, such tools come in software-only and hardware/software flavors. Some of this software is Open Source, available to anyone who wants to download it at no charge; other software is commercial and can cost as much as several thousand dollars. Special hardware/software combinations can cost $10,000 or more. In fact, where interfaces to high-speed media like ATM or SONET place high demands on hardware processing capability, speed, buffering, and so forth, high-end, high-speed protocol analyzers can cost upwards of $25,000.

The bodies of knowledge relevant to protocol analysis span the ISO/OSI Reference Model from Layer 1 (hardware, connections, and so forth) all the way through Layer 7 (application interfaces). But the primary emphasis in this field—except when working with software developers to test or debug code—falls on Layers 2 (Data Link) through 5 (Session). Nevertheless, a strong background in networking fundamentals is a must for would-be protocol analysts, especially in the layers most relevant to designing and implementing physical networks. The following topics are entirely germane to this kind of work (and thus, to related certifications):

It’s not at all unreasonable to think of protocol analysis as a kind of cap to one’s career as a network professional. By extension, this makes a protocol analysis certification likely to fall rather later than earlier in one’s career, and itself to be a kind of capstone for other, less formidable certifications.

The Protocol Analysis Certification Landscape

As is true for so many other kinds of IT certifications, protocol analysis credentials come in both vendor-neutral and vendor-specific sorts. For the former, this means a more general, catholic approach to the tools used for analysis as well as to the protocol suites subject to analysis; for the latter, it means focusing on specific analytical tools, but also usually implies a rather more open view on protocol suites and related services. Table 1 provides a list of useful credentials that can serve as warm-ups to protocol analysis certifications; Table 2 covers the small number of “pure” protocol analysis certifications currently available.

| Vendor/Org | Title (Acronym) | Explanation | URL |
|---|---|---|---|
| | | To identify individuals qualified to work as network managers, systems analysts, engineers, planners, IS and IT professionals, or support technicians involved in day-to-day network planning, operations, and management. | http://www.learningtree.com/us/cert/progs/7065.htm# |
| | TCP/IP Certified Professional | To identify individuals qualified to work as network or system administrators, network planners or support personnel, or system analysts in environments where TCP/IP protocols and services are in use. | http://www.learningtree.com/us/cert/progs/7045.htm# |
| Lucent Tech | Lucent Certified Technical Expert (LCTE) | Lucent offers associate and specialist credentials in ATM, Frame Relay, internetworking, DSL, VoIP, and VPNs that should all provide good preparation for protocol analysis. | http://www.gocertify.com/vendors/Lucent.shtml |
| NACSE | Senior Network Specialist (NSNS) | Identifies advanced networking and telecom specialists with good knowledge of network design, protocols, services, and troubleshooting. | |

Remember, the intent of including these warm-up certifications for protocol analysis is to identify programs where protocols and services receive enough attention and coverage to help individuals prepare for the items covered in Table 2. None of the credentials covered in Table 1 would qualify an individual who attained them as a “protocol analyst” (this is especially true of the CCIE which, despite its profound cachet and market value, does not mold truly well-rounded protocol analysts).

Table 2—"Pure" Protocol Analysis Certifications

| Vendor/Org | Title (Acronym) | Explanation | URL |
|---|---|---|---|
| Pine Mtn Group | Certified NetAnalyst-Cross Technology | Formerly the NetAnalyst Level I, this credential focuses on general protocol analysis and identifies those who seek to design, manage, and troubleshoot production networks, LANs, and WANs. | |